
'Beneficial' Network Worms

Convinced that businesses will use nonmalicious worms to cut down on network security costs, a high-profile security researcher is pushing ahead with a new framework for creating a "controlled worm" that can be used for beneficial purposes.

Dave Aitel, vulnerability researcher at New York-based Immunity Inc., unveiled a research-level demo of the "Nematode" framework at the Hack In The Box confab in Kuala Lumpur, Malaysia, insisting that good worms will become an important part of an organization's security strategy.

Considering nearly every /. article eventually makes it here, sorry if this has been posted already.

Anyone else think this sounds useless? I feel like someone is trying to make a name for themselves with this concept...

The concept includes the use of "Nematokens," servers that are programmed to only respond to requests from networks cleared for attacks and the NIL (Nematode Intermediate Language) that can be used as a specialized and simplified "assembly for worms."

It needs its own language?

"We already have an engine that takes exploits and turns them into worms and does it in a way that allows you to inject control mechanisms into that. That's something that will appeal to businesses.

If you have control of your network, why would you need to haul your patches around on an exploit? If you know where your machines are, why would you need worm methodology to find them?

I heard of this approach before, somewhere, maybe here. I still think it is a doomed concept. All that will happen is that this tool will be used to create more effective, more powerful malware. Didn't they look at the current crop of malware packages? Many have hijacked legitimate security programs (psec.exe, for one) to leverage exploits. What makes them think their product will be treated any differently?

Aitel is trying to "change the way people think." Unfortunately, his efforts are directed at the wrong people.

Wasn't it the Welchia worm/virus that was originally created to find and patch those machines that were or could be infected by the MSBlast virus? In other words, it was intended to be a so-called "good" worm. The Welchia did more harm than the MSBlast in my opinion, simply because of the enormous amount of traffic it generated, and it is still out there; I see it with the home users that VPN into the office (a whole different rant entirely).

There are two rules for success in life:
Rule 1: Don't tell people everything you know.

Originally posted here by steve.milner
The road to hell is paved with good intentions.

Steve sums up the whole point very nicely.

I honestly have never HEARD of Immunity Inc. Looking at their site, it's a pretty small org. Their bios show some decent credentials, but nothing to get all atwittered over.

This sounds a LOT like marketing hype leveraging the media sensationalism of worms to sell a half-baked idea. For example, you get some CIO with more executive than technical experience, tell him gloom and doom tales of Nimda, Code-Red, Slammer, and the like until (s)he's nearly in tears, then explain how your "new technology" can "use the same vectors of attack that these mean old nasty hacker worms use" to "fix" all of your problems.

What about the impact of this "benevolent worm" on network performance? How can you really control a self-propagating piece of code? Yes, yes, reporting back to some centralized management server, I read the piece...but what happens when that code gets into a network that is NOT white listed...the infected client keeps asking for authorization, until told "no"? What happens if your centralized servers are DoS'd...intentionally or not...what happens if... what about when...

No, I see way, WAY too many things that can go wrong with this. I don't believe their team subscribes to the KISS methodology, and I would have to vote a "HIGHLY DOUBTFUL" if asked if this could be effective.

But hey, I've been wrong before. Once...or twice...maybe.

"Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
"...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore